Saturday, September 25, 2010

In the second major XSS (cross-site scripting) attack on a major social networking service this week, Google-owned Orkut was flooded with "Bom Sabado" scraps.

The phrase "Bom Sabado" means "Good Saturday" in Portuguese, which is also the official language of Brazil, one of the last remaining Orkut bastions in the world.

The worm seems to be posting scraps with the text "Bom Sabado" and also adding affected users to new Orkut groups. Such XSS attacks have targeted Orkut in the past too.

Experts have advised users to avoid logging on to Orkut till Orkut engineers fix the hole and also not to click on any suspicious links. Orkut had just last month announced new updates to the website.

Earlier this week, the popular microblogging website Twitter was also at the receiving end of an XSS exploit. The attack, which emerged and was shut down within hours Tuesday morning, involved an XSS flaw that allowed users to run JavaScript programs on other computers.